Set up your own TLD in BIND for ease of navigation.
If you administer a network that uses private addressing, you’ve almost certainly encountered the disassociated schizophrenia of trying to maintain zone files that properly reflect internal and external IP addresses. With the introduction of Views in Bind 9, supporting multiple address ranges in a single domain has been significantly streamlined.
While using views is one way to attack the problem, consider the ease
of setting up your own top-level domain. Normally,
zone entries in
named.conf
look something like this:
zone "oreillynet.com" { type master; file "data/oreillynet.com"; };
This is an entry appropriate for an authoritative DNS server for the
oreillynet.com subdomain. The actual top-level
domains (i.e., .com
,
.net
, .org,
.int, etc.) are only delegated to the mysterious
13 known as the root DNS servers. Even though your servers
won’t be consulted by the rest of the Internet, it
can be handy to set up your very own TLD that works only on your
local network.
For example, suppose you have a group of machines that use the private 192.168.1.0/24 network. These machines aren’t directly reachable from the Internet, and you don’t really want to advertise their DNS information to would-be network crackers. Try a non-standard TLD:
zone "bp" { type master; file "data/bp"; allow-transfer { 192.168.1/24; }; allow-query { 192.168.1/24; }; };
The bp
is short for BackPlane—and, more to
the point, the bp
is just plain short. With the
preceding code added to your zone file, set up a master record for
bp
just as you would any other domain:
$TTL 86400 @ IN SOA ns.bp. root.homer.bp. ( 2002090100 ; Serial 10800 ; Refresh after 3 hours 3600 ; Retry after 1 hour 604800 ; Expire (1 week) 60 ; Negative expiry time ) IN NS ns.bp. ns IN A 192.168.1.1 homer IN A 192.168.1.10 bart IN A 192.168.1.11 lisa IN A 192.168.1.12
Reload named, and you should be able to simply
ping
homer.bp
. If
you’d like other name servers to maintain slave
copies of your TLD, just add them as usual:
zone "bp" { type slave; file "db.bp"; masters { 192.168.1.1; }; };
In this way, you can extend your new TLD across your entire private network architecture. If you’re running tunnels over the Internet [Hack #54] to connect remote offices or friends, support for your TLD could theoretically grow to be as large as you like. This is exactly what some wireless community networks (like NoCatNet and SeattleWireless) are doing. For example, users on SeattleWireless can browse to http://www.rob.swn/ to hit a web server that I host on the wireless network. This shortcut of using a custom TLD saves a lot of typing, doesn’t require Internet access to work, and is much easier than remembering IP addresses.
Get Wireless Hacks now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.